
Java: Make security-related TaintTracking Configuration public#8676

Merged
aschackmull merged 3 commits into github:main from pwntester:java_hotspots_mods on Apr 6, 2022
@pwntester

Contributor

Make security-related taint tracking configurations public so they can be imported for sink identification.

  • Update Sql Injection queries
  • Update CommandLineQuery

move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
Make TaintTracking configuration public
@pwntester pwntester requested a review from a team as a code owner April 6, 2022 09:21
@github-actions github-actions Bot added the Java label Apr 6, 2022

@atorralba atorralba left a comment

Contributor

RemoteUserInputToArgumentToExecFlowConfig and QueryInjectionFlowConfig are now missing QLDoc, but otherwise this LGTM.

@atorralba atorralba added the no-change-note-required This PR does not need a change note label Apr 6, 2022
@aschackmull aschackmull merged commit 879b8a1 into github:main Apr 6, 2022
@owen-mc owen-mc changed the title Make security-related TaintTracking Configuration public Java: Make security-related TaintTracking Configuration public Nov 2, 2022